Forum Discussion
nitass
Oct 22, 2011 · Employee
The tcpdump would contain 2 sides of the connection: one is between the client and F5 (client-side) and the other one is between F5 and the server (server-side). You may filter SYN packets first by using tcp.flags.syn eq 1. Then, you may follow the TCP stream to check what the client sends in the client-side connection, whether F5 sends it to the server in the server-side connection, what the response from the server is in the server-side connection, etc.
Since 8895 is not the default HTTP port, you have to tell Wireshark to decode port 8895 as HTTP by right-clicking any packet, selecting Decode As and choosing port 8895 as HTTP.
Cheers!
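The SYN filter and the client-side/server-side split described in the post above, as an added example that is not part of the original post: a standard-library Python sketch that reads a classic pcap, selects the segments that tcp.flags.syn eq 1 would match, and separates the connection-opening SYNs into the two sides. The addresses, the `virtual_ip` parameter and the choice of port 8895 on both sides are constructed assumptions.

```python
import socket, struct

def frame(src, sport, dst, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame: no payload, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def pcap(frames):
    """Classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, f in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f
    return out

def syn_packets(data):
    """Every TCP segment with the SYN bit set (what tcp.flags.syn eq 1 selects)."""
    hits, off = [], 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        f, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # not IPv4/TCP
        t = 14 + (f[14] & 0x0F) * 4  # start of the TCP header
        if len(f) < t + 20:
            continue  # truncated TCP header
        sport, dport = struct.unpack_from("!HH", f, t)
        if f[t + 13] & 0x02:  # SYN bit; 0x10 below is the ACK bit
            hits.append((socket.inet_ntoa(f[26:30]), sport,
                         socket.inet_ntoa(f[30:34]), dport, bool(f[t + 13] & 0x10)))
    return hits

def sides(data, virtual_ip):
    """Split connection-opening SYNs (SYN without ACK) into the two sides."""
    out = {"client-side": [], "server-side": []}
    for src, sport, dst, dport, ack in syn_packets(data):
        if not ack:
            side = "client-side" if dst == virtual_ip else "server-side"
            out[side].append((src, sport, dst, dport))
    return out

# Constructed capture: client -> virtual server, then F5 -> server (assumed addresses).
SAMPLE = pcap([
    frame("10.0.0.5", 50000, "10.0.0.100", 8895, 0x02),
    frame("10.0.0.100", 8895, "10.0.0.5", 50000, 0x12),
    frame("10.0.0.5", 50000, "10.0.0.100", 8895, 0x10),
    frame("192.168.1.1", 40000, "192.168.1.20", 8895, 0x02),
    frame("192.168.1.20", 8895, "192.168.1.1", 40000, 0x12),
    frame("192.168.1.1", 40000, "192.168.1.20", 8895, 0x10),
])
```

The filter matches SYN and SYN-ACK alike, so `syn_packets(SAMPLE)` returns four segments while `sides(SAMPLE, "10.0.0.100")` keeps only the two connection-opening ones.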